hack/release - external/github.com/docker/docker-credential-helpers - Git at Google

 #!/usr/bin/env bash

 set -e

 : "${BUILDX_CMD=docker buildx}"
 : "${DESTDIR=./bin/release}"
 : "${CACHE_FROM=}"
 : "${CACHE_TO=}"

 : "${SIGN=}"
 : "${PFX=}"
 : "${PFXPASSWORD=}"

 if [ -n "$CACHE_FROM" ]; then
 	for cfrom in $CACHE_FROM; do
 		cacheFlags+=(--set "*.cache-from=$cfrom")
 	done
 fi
 if [ -n "$CACHE_TO" ]; then
 	for cto in $CACHE_TO; do
 		cacheFlags+=(--set "*.cache-to=$cto")
 	done
 fi

 dockerpfx=$(mktemp -t dockercredhelper-pfx.XXXXXXXXXX)
 function clean {
 	rm -f "$dockerpfx"
 }
 trap clean EXIT

 # release
 (
 	set -x
 	${BUILDX_CMD} bake "${cacheFlags[@]}" --set "*.output=$DESTDIR" release
 )

 # wrap binaries
 mv -f ./${DESTDIR}/**/* ./${DESTDIR}/
 find ./${DESTDIR} -type d -empty -delete

 # sign binaries
 if [ -n "$SIGN" ]; then
 	for f in "${DESTDIR}"/*".darwin-"*; do
 		SIGNINGHASH=$(security find-identity -v -p codesigning | grep "Developer ID Application: Docker Inc" | cut -d ' ' -f 4)
 		xcrun -log codesign -s "$SIGNINGHASH" --force --verbose "$f"
 		xcrun codesign --verify --deep --strict --verbose=2 --display "$f"
 	done
 	for f in "${DESTDIR}"/*".windows-"*; do
 		echo ${PFX} | base64 -d > "$dockerpfx"
 		signtool sign /fd SHA256 /a /f pfx /p ${PFXPASSWORD} /d Docker /du https://www.docker.com /t http://timestamp.verisign.com/scripts/timestamp.dll "$f"
 	done
 fi

 # checksums
 (
   cd ${DESTDIR}
   sha256sum -b docker-credential-* > ./checksums.txt
   sha256sum -c --strict checksums.txt
 )
	#!/usr/bin/env bash

	set -e

	: "${BUILDX_CMD=docker buildx}"
	: "${DESTDIR=./bin/release}"
	: "${CACHE_FROM=}"
	: "${CACHE_TO=}"

	: "${SIGN=}"
	: "${PFX=}"
	: "${PFXPASSWORD=}"

	if [ -n "$CACHE_FROM" ]; then
	for cfrom in $CACHE_FROM; do
	cacheFlags+=(--set "*.cache-from=$cfrom")
	done
	fi
	if [ -n "$CACHE_TO" ]; then
	for cto in $CACHE_TO; do
	cacheFlags+=(--set "*.cache-to=$cto")
	done
	fi

	dockerpfx=$(mktemp -t dockercredhelper-pfx.XXXXXXXXXX)
	function clean {
	rm -f "$dockerpfx"
	}
	trap clean EXIT

	# release
	(
	set -x
	${BUILDX_CMD} bake "${cacheFlags[@]}" --set "*.output=$DESTDIR" release
	)

	# wrap binaries
	mv -f ./${DESTDIR}/*/ ./${DESTDIR}/
	find ./${DESTDIR} -type d -empty -delete

	# sign binaries
	if [ -n "$SIGN" ]; then
	for f in "${DESTDIR}"/".darwin-"; do
	SIGNINGHASH=$(security find-identity -v -p codesigning \| grep "Developer ID Application: Docker Inc" \| cut -d ' ' -f 4)
	xcrun -log codesign -s "$SIGNINGHASH" --force --verbose "$f"
	xcrun codesign --verify --deep --strict --verbose=2 --display "$f"
	done
	for f in "${DESTDIR}"/".windows-"; do
	echo ${PFX} \| base64 -d > "$dockerpfx"
	signtool sign /fd SHA256 /a /f pfx /p ${PFXPASSWORD} /d Docker /du https://www.docker.com /t http://timestamp.verisign.com/scripts/timestamp.dll "$f"
	done
	fi

	# checksums
	(
	cd ${DESTDIR}
	sha256sum -b docker-credential-* > ./checksums.txt
	sha256sum -c --strict checksums.txt
	)